OpenSSH
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: OpenSSH Certkey (PKI)

from [Andre Oppermann] [Permanent Link][Original]
To: Bob Beck <beck@bofh.cns.ualberta.ca>
Subject: Re: OpenSSH Certkey (PKI)
From: Andre Oppermann <andre@freebsd.org>
Date: Fri, 17 Nov 2006 14:02:38 +0100
Cc: Nick Bender <nbender@gmail.com>, tech@openbsd.org, openssh-unix-dev@mindrot.org, freebsd-current@freebsd.org
Delivered-to: sp-com-lists@consult.net
Delivered-to: openssh-unix-dev-list1@securepoint.com
Delivered-to: openssh-unix-dev-tmda@mindrot.org
Delivered-to: openssh-unix-dev@mindrot.org
In-reply-to: <20061116204921.GX26418@bofh.cns.ualberta.ca>
List-archive: <http://lists.mindrot.org/pipermail/openssh-unix-dev>
List-help: <mailto:openssh-unix-dev-request@mindrot.org?subject=help>
List-id: Development of portable OpenSSH <openssh-unix-dev.mindrot.org>
List-post: <mailto:openssh-unix-dev@mindrot.org>
List-subscribe: <http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=subscribe>
List-unsubscribe: <http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev>, <mailto:openssh-unix-dev-request@mindrot.org?subject=unsubscribe>
References: <20061115142820.GB14649@insomnia.benzedrine.cx> <bf04f2850611161212t439d5ce4r59a8bb1fa3cf24@mail.gmail.com> <20061116204921.GX26418@bofh.cns.ualberta.ca>
Sender: openssh-unix-dev-bounces+openssh-unix-dev-list1=securepoint.com@mindrot.org
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b) Gecko/20050217 
Bob Beck wrote:
> 
>       I would think it would be nice if "CAL" had a way of
> saying "these are the ones to be revoked" so no shutdown, just
> propagate the bad one - but I'm talking to daniel offline about it..

That's easy.  echo "ab:cd:ef..." > /etc/ssh/blacklist

Or use a prediodic rsync to do that.  Every pubkey fingerprint listed in it is
denied access.

-- 
Andre
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: ssh-decrypt, Pawel Krupinski
Next by Date:  Re: OpenSSH Certkey (PKI), Andre Oppermann
Previous by Thread:  Re: OpenSSH Certkey (PKI), Nick Bender
Next by Thread:  Re: OpenSSH Certkey (PKI), Stephen Frost
Indexes:  [Date] [Thread] [Top] [All Lists]